I used mod_status for monitoring in real time the actual urls being requested and sent. As well as the ip address that requests are coming from and being sent to.

I can also set the program that relies on this to send out threshold alarms to email or pager.

This would be an awesome add-on for lsws if not already attainable.

Click to expand...

Yes, it looks cool.
If you are using scripts to detect possible attack based those information, it is not a good choice at all.
We have built-in anti-attack features to fend off attacks. Just relax.
Have you read this and adjust your configuration according?http://www.litespeedtech.com/docs/HowTo_QA.html#qa_dos

Those activities are logged in the error log. just check the log file once for a while. Most time you don't need to any thing, as those are taken care of by server itself unless the attacker is not frustrated and keep doing that, then you can block them at firewall level.

We will add a option to send email notification when we further improve the anti-attack engine. With current engine, you may receive too many alerts when it happens.

If your sites got attacked a lot, and current litespeed can not feed off those attack very well, please send us more information about the attack, if you can figure out the pattern of the attack.

I also requested this a while ago. Some people want to see the files being currently served, like the lighttpd server-status module. It'd also be nice to have the ability to drop the connections on demand.